Security-Oriented Analysis of Application Programs (SOAAP)

Sandboxing technologies such as Capsicum and
CHERI support the fine-grained compartmentalisation
of large-scale applications such as web browsers and office suites, as well as
multiple-component software such as the UNIX userspace.
When deployed correctly, application compartmentalisation offers significant
benefits by allowing policies to be imposed within applications and by
mitigating exploited vulnerabilities.
However, application compartmentalisation remains an art rather than a
science: identifying, implementing, and debugging partitioning strategies
require detailed expertise in both the application and security.
SOAAP is exploring semi-automated techniques, grounded in static analysis,
dynamic analysis, and automated program transformation, to improve the
developer experience.
This project is jointly funded by Google and DARPA, and takes place within the
context of the CTSRD project.